Article published In Meed and Airport Cities
Written by Mike Cannon May 2004

The attack on the Twin Towers in New York and the recent assassination of the former Prime Minister of Lebanon, show a high degree of rigorous planning, preparation and detailed knowledge of the target. What is most striking is the time and effort spent by terrorists and other groups in gathering information to assist with the target selection and operational planning. Any thought that these events occur by chance or on a whim should be banished.

There is a generally set modus operandi employed in the planning and execution of an attack or serious crime, regardless of the target. These will differ group by group and whilst some may be crude, the majority are professional in nature and military in their precision. A key element is acquiring as much information and intelligence as possible, through open and covert means. This process will entail thorough studies of airport plans, maps, satellite imagery, and websites, followed by surveillance on the ground. The attacks of September 11th 2001, in New York were conceived in the late 1990’s and only executed after 50 dry runs or evaluation flights!

The majority of competitive intelligence is legitimately available. Al Qaeda estimates this to be 80% of their specialised needs. The remaining 20% can be obtained from unsuspecting employees, divulging valuable information off-site, or through ineffective security policies and procedures allowing information to be gathered covertly. The more information denied through effective pre-employment screening, physical, electronic and information security policies and procedures, the greater reliance on reconnaissance and surveillance.

Surveillance is an essential prerequisite to any terrorist attack, kidnap, assassination or robbery. To maximise the likelihood of success, a target must be placed under surveillance to assess and evaluate security arrangements and identify vulnerabilities. As a result the most common pre-incident indicator involves physical surveillance in and around a potential target, to assess and evaluate vulnerabilities to a given type of attack.

Firstly an attacker will need to establish the most suitable location(s) and method which afford the best opportunity to gather intelligence. At times it may not be possible for a potential attacker to avoid being seen, however not being noticed is vital. A variety of props and disguises may be used to help blend in and avoid attracting attention. To allow closer access to a target terrorists have in the past commandeered or stolen official vehicles, uniforms and identities or designed imitations to facilitate targeting and attacks. This was illustrated in the December 2002 suicide attack on the Chechen Government Headquarters in Grozny, in which 83 people were killed and 200 injured.

Part of the intelligence gathering process against an airport may include bomb threats to gauge security reaction and overall response. Prior to the 1998 attack on U.S. Embassy in Nairobi, which claimed the lives of 213 and injured 5,023, a series of bomb threats was received before the attack. Surveillance in this particular case commenced 5 years earlier.

Even if an insider were to provide some or all of the tactical intelligence, it would still necessitate some form of surveillance. This surveillance will validate the intelligence and allow the attack team to familiarise themselves with the airport. Positive target identification is paramount, particularly in cases involving attacks or actions against individuals. In one case, Chechen rebels ran a ‘mole’ within Sleptsovsky Airport, in Russia’s North Caucasus for nearly 18 months. Through the ‘mole’s’ extensive access militants were able to identify numerous high-net worth individuals for kidnap and ransom.

Surveillance and targeting can be hampered by a number of measures including: good access control to airside areas, frequent checks of specific points where terrorists or criminals are most likely to execute surveillance and likely attack positions, daily review of CCTV footage and not forming patterns, in respect to high worth individuals, movement of high value goods…

An effective means by which to counter the threat of surveillance is to understand how it is conducted and how best to detect it. Security awareness is rarely enough to detect surveillance, if conducted with a level of professionalism. Airport induction training should embrace surveillance awareness training, to tap into this often underutilised resource, in an effort to detect hostile surveillance. Staff with responsibilities for security and individuals deemed at risk, should receive additional practical anti and counter surveillance training, to assist with airport and personal protection.

A threat database must form an integral part of an airport’s security programme, helping to transform valuable, but raw, information into useful intelligence, in a timely manner. Creating a database allows for analysis and comparison with previously gathered data, almost instantaneously. Furthermore, it reduces the time it takes to identify suspicious patterns, thus affording more time to implement an effective response.

Surveillance awareness and routinely employing anti and counter surveillance techniques will dramatically increase the likelihood of early detection and thus timely warning of a planned attack or action. Recognising surveillance buys time to review threat levels, security arrangements and allows counter measures to be initiated to either eliminate or reduce the risk to an acceptable level.

Author Notes:

Michael F. Cannon DCM, CPP, MSyI is a surveillance and counter terrorism advisor, with operational careers in the United Kingdom’s Ministry of Defence, Special Forces and Drum Cussac, an international risk management company. mfc@drum-cussac.com +44 (0) 870 429 6944